lfk/backend
2
0
Fork 0
Code Issues 1 Pull Requests Actions Projects Releases 40 Activity

Now disableing users while they're in the process of resetting their password

Browse Source 
ref #40
This commit is contained in:
Nicolai Ort 2020-12-22 11:18:31 +01:00
parent 17ee682029
commit 4b9bfe3b79
3 changed files with 21 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/errors/AuthError.ts
View File

@ -118,7 +118,7 @@ export class RefreshTokenCountInvalidError extends NotAcceptableError {
} }
/** /**
* Error to throw when someone tryes to refresh a user's password more than once in 15 minutes. * Error to throw when someone tryes to reset a user's password more than once in 15 minutes.
*/ */
export class ResetAlreadyRequestedError extends NotAcceptableError { export class ResetAlreadyRequestedError extends NotAcceptableError {
@IsString() @IsString()
@ -126,4 +126,15 @@ export class ResetAlreadyRequestedError extends NotAcceptableError {
@IsString() @IsString()
message = "You already requested a password reset in the last 15 minutes. \n Please wait until the old reset code expires before requesting a new one." message = "You already requested a password reset in the last 15 minutes. \n Please wait until the old reset code expires before requesting a new one."
}
/**
* Error to throw when someone tries a disabled user's password or login as a disabled user.
*/
export class UserDisabledError extends NotAcceptableError {
@IsString()
name = "UserDisabledError"
@IsString()
message = "This user is currently disabled. \n Please contact your administrator if this is a mistake."
} }

9
src/models/actions/CreateResetToken.ts
View File

@ -1,6 +1,6 @@
import { IsEmail, IsOptional, IsString } from 'class-validator'; import { IsEmail, IsOptional, IsString } from 'class-validator';
import { getConnectionManager } from 'typeorm'; import { getConnectionManager } from 'typeorm';
import { ResetAlreadyRequestedError, UserNotFoundError } from '../../errors/AuthError'; import { ResetAlreadyRequestedError, UserDisabledError, UserNotFoundError } from '../../errors/AuthError';
import { UsernameOrEmailNeededError } from '../../errors/UserErrors'; import { UsernameOrEmailNeededError } from '../../errors/UserErrors';
import { JwtCreator } from '../../jwtcreator'; import { JwtCreator } from '../../jwtcreator';
import { User } from '../entities/User'; import { User } from '../entities/User';
@ -33,14 +33,13 @@ export class CreateResetToken {
throw new UsernameOrEmailNeededError(); throw new UsernameOrEmailNeededError();
} }
let found_user = await getConnectionManager().get().getRepository(User).findOne({ where: [{ username: this.username }, { email: this.email }] }); let found_user = await getConnectionManager().get().getRepository(User).findOne({ where: [{ username: this.username }, { email: this.email }] });
if (!found_user) { if (!found_user) { throw new UserNotFoundError(); }
throw new UserNotFoundError(); if (found_user.enabled == false) { throw new UserDisabledError(); }
}
if (found_user.resetRequestedTimestamp > (Math.floor(Date.now() / 1000) - 15 * 60)) { throw new ResetAlreadyRequestedError(); } if (found_user.resetRequestedTimestamp > (Math.floor(Date.now() / 1000) - 15 * 60)) { throw new ResetAlreadyRequestedError(); }
found_user.refreshTokenCount = found_user.refreshTokenCount + 1; found_user.refreshTokenCount = found_user.refreshTokenCount + 1;
found_user.resetRequestedTimestamp = Math.floor(Date.now() / 1000); found_user.resetRequestedTimestamp = Math.floor(Date.now() / 1000);
found_user.enabled = false;
await getConnectionManager().get().getRepository(User).save(found_user); await getConnectionManager().get().getRepository(User).save(found_user);
//Create the reset //Create the reset

12
src/models/actions/ResetPassword.ts
View File

@ -3,7 +3,7 @@ import { IsNotEmpty, IsOptional, IsString } from 'class-validator';
import * as jsonwebtoken from 'jsonwebtoken'; import * as jsonwebtoken from 'jsonwebtoken';
import { getConnectionManager } from 'typeorm'; import { getConnectionManager } from 'typeorm';
import { config } from '../../config'; import { config } from '../../config';
import { IllegalJWTError, JwtNotProvidedError, PasswordNeededError, RefreshTokenCountInvalidError, UserNotFoundError } from '../../errors/AuthError'; import { IllegalJWTError, JwtNotProvidedError, PasswordNeededError, RefreshTokenCountInvalidError, UserDisabledError, UserNotFoundError } from '../../errors/AuthError';
import { User } from '../entities/User'; import { User } from '../entities/User';
/** /**
@ -44,15 +44,13 @@ export class ResetPassword {
} }
const found_user = await getConnectionManager().get().getRepository(User).findOne({ id: decoded["id"] }); const found_user = await getConnectionManager().get().getRepository(User).findOne({ id: decoded["id"] });
if (!found_user) { if (!found_user) { throw new UserNotFoundError(); }
throw new UserNotFoundError() if (found_user.refreshTokenCount !== decoded["refreshTokenCount"]) { throw new RefreshTokenCountInvalidError(); }
} if (found_user.enabled == false) { throw new UserDisabledError(); }
if (found_user.refreshTokenCount !== decoded["refreshTokenCount"]) {
throw new RefreshTokenCountInvalidError()
}
found_user.refreshTokenCount = found_user.refreshTokenCount + 1; found_user.refreshTokenCount = found_user.refreshTokenCount + 1;
found_user.password = await argon2.hash(this.password + found_user.uuid); found_user.password = await argon2.hash(this.password + found_user.uuid);
found_user.enabled = true;
await getConnectionManager().get().getRepository(User).save(found_user); await getConnectionManager().get().getRepository(User).save(found_user);
return "password reset successfull"; return "password reset successfull";